New malware toolkit thwarts AV
Written by Daniel   
Monday, 14 January 2008 12:16

Random JS Toolkit allows attackers to create threats that attempt to victimize an individual computer in the same manner only a single time, to protect against discovery by anti-virus systems.

By Matt Hines
January 14, 2008
InfoWorld

Web gateway filtering specialist Finjan is reporting a new toolkit that uses randomized JavaScript to stay hidden from virus crawlers and deliver its payload via compromised Web sites.

Dubbed the "Random JS Toolkit" by Finjan's Malicious Code Research Center (MCRC), the malware development package allows attackers to create threats that attempt to victimize an individual computer in the same manner only a single time, to protect against discovery by anti-virus systems and researchers' automated "crawlers."

By dynamically changing the JavaScript employed to deliver each variant of attack being created, and by using random file names that are only delivered to the same machine or IP address once, Finjan researchers said the malware authoring package is meant to avoid the programs used by AV researchers to find new threats emerging on the Web.

Typically when automated crawler programs come across new attack samples, they return to the threats' source URLs to verify their names and characteristics and to create signature files that allow their products to block the programs -- or they enter the sites onto so-called blacklists of compromised domains....
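
For defenders, the behaviour described above (a new script body and a random file name for every delivery, never repeated to the same IP address) leaves a recognisable pattern in web-proxy logs. The following is an added example, not part of the original article or of Finjan's research; the log fields, the sample records and the `min_clients` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed proxy-log records: (client_ip, host, script_path, body_hash_prefix).
# Hosts use reserved example domains; hashes are made-up placeholders.
SAMPLE_LOG = [
    # Ordinary static script: same name and body for everyone, re-fetched freely.
    ("10.0.0.11", "cdn.example.net", "/js/site.js", "aa11"),
    ("10.0.0.12", "cdn.example.net", "/js/site.js", "aa11"),
    ("10.0.0.13", "cdn.example.net", "/js/site.js", "aa11"),
    ("10.0.0.11", "cdn.example.net", "/js/site.js", "aa11"),
    # Per-user script that is stable: the same client gets the same file again.
    ("10.0.0.11", "app.example.com", "/u/a1.js", "d001"),
    ("10.0.0.12", "app.example.com", "/u/b2.js", "d002"),
    ("10.0.0.13", "app.example.com", "/u/c3.js", "d003"),
    ("10.0.0.11", "app.example.com", "/u/a1.js", "d001"),
    # Serve-once pattern: new name and new body per delivery, one per client.
    ("10.0.0.11", "shop.example.org", "/kqzvb.js", "3f9c"),
    ("10.0.0.12", "shop.example.org", "/xwpma.js", "b71e"),
    ("10.0.0.13", "shop.example.org", "/tjrhd.js", "0c52"),
    ("10.0.0.14", "shop.example.org", "/uelgn.js", "e8a4"),
]


def serve_once_hosts(records, min_clients=3):
    """Return hosts whose script deliveries never repeat a name, body or client."""
    by_host = defaultdict(list)
    for client, host, path, digest in records:
        by_host[host].append((client, path, digest))

    flagged = []
    for host, rows in by_host.items():
        clients = {c for c, _, _ in rows}
        if len(clients) < min_clients:
            continue  # too few observers to judge (threshold is an assumption)
        unique_names = len({p for _, p, _ in rows}) == len(rows)
        unique_bodies = len({d for _, _, d in rows}) == len(rows)
        one_per_client = len(clients) == len(rows)
        if unique_names and unique_bodies and one_per_client:
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    for host in serve_once_hosts(SAMPLE_LOG):
        print("review:", host)
```

A flagged host is a lead for manual review rather than a verdict, since the heuristic only measures how unrepeatable the deliveries are.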